3D Graphical Password Schema

IEEE: A Novel 3D Graphical Password Schema

This paper appears in: Virtual Environments, Human-Computer Interfaces and Measurement Systems,
Proceedings of 2006 IEEE International Conference on
Issue Date: 10-12 July 2006
On page(s): 125 - 128
Location: La Coruna
Print ISBN: 1-4244-0242-5
INSPEC Accession Number: 9273695
Digital Object Identifier: 10.1109/VECIMS.2006.250805
Date of Current Version: 30 November 2006

ABSTRACT

In this paper, we propose and evaluate our contribution which is a new scheme of authentication. This
scheme is based on a virtual three-dimensional environment. Users navigate through the virtual
environment and interact with items inside the virtual three-dimensional environment. The combination of
all interactions, actions and inputs towards the items and towards the virtual three-dimensional environment
constructs the user's 3D password. The 3D password combines most existing authentication schemes such
as textual passwords, graphical passwords, and biometrics into one virtual three-dimensional environment.
The 3D password's main application is the protection of critical resources and systems.

INTRODUCTION

Normally the authentication scheme the user undergoes is particularly very lenient or very strict.
Throughout the years authentication has been a very interesting approach. With all the means of
technology developing, it can be very easy for 'others' to fabricate or to steal identity or to hack
someone’s password. Therefore many algorithms have come up each with an interesting approach
toward calculation of a secret key. The algorithms are such based to pick a random number in the range
of 10^6 and therefore the possibilities of the sane number coming is rare.

Users nowadays are provided with major password stereotypes such as textual passwords,
biometric scanning, tokens or cards (such as an ATM) etc. Mostly textual passwords follow an encryption
algorithm as mentioned above. Biometric scanning is your "natural" signature and Cards or Tokens
prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo
strong IR exposure to their retinas (Biometric scanning).Mostly textual passwords, nowadays, are kept
very simple say a word from the dictionary or their pet names, girlfriends etc. Ten years back Klein
performed such tests and he could crack 10-15 passwords per day. Now with the technology change,
fast processors and many tools on the Internet this has become a Child's Play. Therefore we preset our
idea, the 3D passwords which are more customizable, and very interesting way of authentication.
 Example 3D Interactive Environments

WORKING

Now the passwords are based on the fact of Human memory. Generally simple passwords are
set so as to quickly recall them. The human memory, in our scheme has to undergo the facts of
Recognition, Recalling, Biometrics or Token based authentication. Once implemented and you log in to a
secure site, the 3D password GUI opens up. This is an additional textual password which the user can
simply put. Once he goes through the first authentication, a 3D virtual room will open on the screen. Say
a virtual garage.

Now in a day to day garage one will find all sorts of tools, equipments, etc. each of them having
a unique properties. The user will then interact with these properties accordingly. Each object in the 3D
space, can be moved around in an (x,y,z) plane. That’s the moving attribute of each object. This property
is common to all the objects in the space. Suppose a user logs in and enters the garage. He sees and
picks a screw-driver (initial position in xyz coordinates (5,5,5)) and moves it 5 places to his right (in XY
plane i.e. (10,5,5).That can be identified as an authentication.

Only the true user understands and recognizes the object which he has to choose among many.
This is the Recall and Recognition part of human memory coming into play. Interestingly, a password can
be set as approaching a radio and setting its frequency to number only the user knows. Security can be
enhanced by the fact of including Cards and Biometric scanner as input. There can be levels of
authentication a user can undergo. More the confidentiality more the complexity. In that scenario a
virtual environment can be developed as a globe, a city or simply a garage.

EXPECTED FUNCTIONALITIES

1. The user can decide his own authentication schemes. If he's comfortable with Recall and
Recognition methods then he can choose the 3d authentication just used above.
2. The authentication can be improved since the unauthorized persons will not interact with the
same object as a legitimate user would. We can also include a timer. Higher the security higher
the timer. Say after 20 seconds a weak password will be thrown out.
3.
The 3D environment can change according to user’s request.
 4. It would be difficult to crack using regular techniques. Since all the algorithms follow steps to
authenticate, our project has no fixed number of steps. Hence to calculate all those possibilities
and decipher them is not easy.
5. Can be used in critical areas such as Nuclear Reactors, Missile Guiding Systems etc.
6. Added with biometrics and card verification, the scheme becomes almost unbreakable.

References

IEEE paper: 3D passwords for more secure authentication-Fawaz A.Alsulaiman and Abdulmotaleb El
Saddik

Reference: http://www.seminarprojects.com/Thread-3d-password-for-more-secure-authentication-full-
report#ixzz0w54FEmgK